XSS in Wowthemes Mediumish

CVE-2021-24316

The search feature of the Mediumish WordPress theme through 1.0.47 does not properly sanitise its 's' GET parameter before outputting it back in the page, leading to a Cross-Site Scripting issue.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.574 (98.2th percentile)

Frequently asked questions

What is CVE-2021-24316?
CVE-2021-24316 is a vulnerability in Wowthemes Mediumish, classified under Cross-site Scripting. Published 2021-06-01.

Is CVE-2021-24316 known to be exploited?
5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.